RE: Traffic between 2 VPN tunnel on same ASA

Parag,

> -----Original Message-----
> Sent: Thursday, March 18, 2010 7:23 AM
> To: Parag Hadas
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Traffic between 2 VPN tunnel on same ASA
>
> Parag,
>
> This is possible. Just remember to change the Proxy ACL on ASAs to reflect
> the networks behind A and C. I see you have already turned on U-Turn
> feature, so that's fine. Please refer to the following document :
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_e
> xample09186a00804675ac.shtml
>

As Piotr already mentioned, you'll need to update your interesting traffic ACLs to carry the traffic. You should not need to worry about no NAT statements on ASA B, but it would apply to A and C. We do this type of configuration a lot, where remote customer networks are accessed from a colo. Rather than building two sets of tunnels, we have just the one to the colo and let it act as the hub. One thing to consider, it will now take twice as long to bring the tunnel up between A and C as it would between A and B. i.e. two or more pings will fail as the tunnels are established.

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Thu Mar 18 2010 - 12:34:56 ART